
#51 Use a MAC instead of a hash or CRC

Status: closed
Owner: nobody
Priority: 8
Updated: 2011-06-16
Created: 2011-06-09
Creator: Marco Schulze
Private: No

Currently, we store a hash (e.g. SHA1) or a CRC (e.g. CRC32) alongside the payload data. This lets us reliably determine whether the key and IV used to decrypt the data are correct (e.g. whether the password entered by the user opening the key-store was correct). However, it is not good protection against data manipulation: because neither a hash nor a CRC involves a secret, an attacker could theoretically change both the data and the checksum inside the ciphertext (without needing to decrypt it!) in a way that goes undetected.

The solution to this problem is a MAC - http://en.wikipedia.org/wiki/Message_authentication_code - and the BouncyCastle lightweight API already provides one. We need to integrate this into our CryptoRegistry as a simple-to-use MAC API (similar to the Cipher API) and use it everywhere we encrypt data, i.e.:

* Inside the key-store.
* When sending keys from key-manager to app-server.
* Inside the persistent records (=> CryptoManager-impl).
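As an added illustration of what such a MAC layer looks like (this is example code written for this ticket, not code from the project's CryptoRegistry), the class below uses the BouncyCastle lightweight API's HMac with SHA-256 in an encrypt-then-MAC arrangement. It assumes the ciphertext bytes come from the existing Cipher API, that a MAC key separate from the encryption key is available, and the record layout iv || ciphertext || tag is an assumption of the example; the names MacProtectedRecord, seal and open are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.util.Arrays;

// Hypothetical encrypt-then-MAC wrapper (example only, not project code).
// Assumes: ciphertext comes from the existing Cipher API, and a dedicated
// MAC key (distinct from the encryption key) is supplied by the key-store.
public class MacProtectedRecord {

    private static final int IV_LEN = 16;   // assumed IV length (AES block size)
    private static final int TAG_LEN = 32;  // HMAC-SHA256 output length

    // HMAC-SHA256 over iv || ciphertext. Covering the IV means it cannot be
    // swapped either; without the MAC key the tag cannot be recomputed.
    static byte[] computeTag(byte[] macKey, byte[] iv, byte[] ciphertext) {
        HMac hmac = new HMac(new SHA256Digest());
        hmac.init(new KeyParameter(macKey));
        hmac.update(iv, 0, iv.length);
        hmac.update(ciphertext, 0, ciphertext.length);
        byte[] tag = new byte[hmac.getMacSize()];
        hmac.doFinal(tag, 0);
        return tag;
    }

    // Record layout: iv || ciphertext || tag
    static byte[] seal(byte[] macKey, byte[] iv, byte[] ciphertext) {
        return Arrays.concatenate(iv, ciphertext, computeTag(macKey, iv, ciphertext));
    }

    // Verify the tag BEFORE anything is decrypted. Returns the ciphertext on
    // success and null on failure; the tag comparison is constant-time so a
    // caller cannot learn how many tag bytes matched from the timing.
    static byte[] open(byte[] macKey, byte[] record) {
        if (record.length < IV_LEN + TAG_LEN) {
            return null; // too short to hold an IV and a tag
        }
        byte[] iv = Arrays.copyOfRange(record, 0, IV_LEN);
        byte[] ciphertext = Arrays.copyOfRange(record, IV_LEN, record.length - TAG_LEN);
        byte[] storedTag = Arrays.copyOfRange(record, record.length - TAG_LEN, record.length);
        byte[] expected = computeTag(macKey, iv, ciphertext);
        return Arrays.constantTimeAreEqual(expected, storedTag) ? ciphertext : null;
    }

    public static void main(String[] args) {
        SecureRandom rnd = new SecureRandom();
        byte[] macKey = new byte[32];
        rnd.nextBytes(macKey);
        byte[] iv = new byte[IV_LEN];
        rnd.nextBytes(iv);
        // Constructed stand-in for ciphertext produced by the Cipher API.
        byte[] ciphertext = "stand-in for encrypted payload".getBytes(StandardCharsets.US_ASCII);

        byte[] record = seal(macKey, iv, ciphertext);
        System.out.println("intact record verifies:   " + (open(macKey, record) != null));

        // Flip one bit inside the ciphertext portion; the tag no longer matches,
        // which is exactly the modification a plain hash or CRC would not catch.
        byte[] tampered = Arrays.clone(record);
        tampered[IV_LEN + 3] ^= 0x01;
        System.out.println("tampered record verifies: " + (open(macKey, tampered) != null));
    }
}
```

Two design points matter for the integration: the tag is computed over the ciphertext (and IV) and checked before decryption, so a forged record is rejected without ever feeding it to the cipher; and the MAC key is a separate key derived or stored alongside the encryption key, never the encryption key itself. The existing hash-or-CRC check can remain as a cheap "wrong password" hint, but the MAC is what provides integrity.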

Discussion

  • Marco Schulze, 2011-06-16

    • status: open --> closed